← back
CVE-2019-11325

CVE-2019-11325

EPSS 3.4%
An issue was discovered in Symfony before 4.2.12 and 4.3.x before 4.3.8. The VarExport component incorrectly escapes strings, allowing some specially crafted ones to escalate to execution of arbitrary PHP code. This is related to symfony/var-exporter.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/symfony/symfony/releases/tag/v4.3.8https://github.com/symfony/var-exporter/compare/d8bf442...57e00f3https://symfony.com/blog/cve-2019-11325-fix-escaping-of-strings-in-varexporterhttps://symfony.com/blog/symfony-4-3-8-released